VIRUS-DISCUSSION-L Archives

Archiver > VIRUS-DISCUSSION > 2004-04 > 1081799426


From: "George W. Durman" <>
Subject: Look2Me SpyWare
Date: Mon, 12 Apr 2004 15:50:26 -0400


Have any of you had any experience with the Look2Me SpyWare infection? I
went to several websites last Thursday and don't know which one was
responsible for Look2Me being installed on my system, but it nevertheless
did get installed. If you have MS Internet Explorer running, even in the
background, Look2Me will suddenly switch to other websites, all with some
kind of advertising. Also, when you first start MSIE, it will open one of
its advertising pages, even if you have typed in your own URL. There will
be pop-ups all over the place, in spite of AdSubtract or other anti-Pop-Up
utilities. It's a real mess.

It took me 3 days to get completely rid of it. It has several variants and
I think I was infected by more than one of them. It's installation won't
be stopped by ZoneAlarm because of the way it comes into the
computer. SpyBot and Ad-Aware do find it AFTER it has been installed. I
didn't have Ad-Watch running at the time but it probably would have stopped
the installation. I DO have Ad-Watch running now and will not stop it
again, you can be sure!

Just thought that if any of you have problems with it, I might be able to
help. Mainly, if you remove it via SpyBot, PestPatrol, AdAware, etc., and
Windows Explorer (NOT Internet Explorer) is running (Explorer is usually
always running when Windows is running) it will immediately reinstall
itself. And, you can't delete the main .DLL file causing the problems
while in Windows. Has to be done after re-booting to DOS. I don't know
how many times I removed the Registry settings for this thing, both
automatically via an anti-Ad utility and manually, but it kept coming back
until I finally found a page on the Web that gave explicit instructions on
getting rid of it. Regardless of what the anti-Ad utilities say, they
WON'T remove Look2Me automatically!

If you ever get infected with this spyware, go to the Web and do a search
for "Look2Me". You'll find lots of pages to read on how to get rid of
it. The best one I found is
at: <http://www.kephyr.com/spywarescanner/library/look2me/index.phtml>;.
You may have to read several to find one that matches the problem on your
individual system. And, even if you follow the instructions from the page
I just mentioned, you'll find that some of the files it mentions are not on
your system. Some of the other pages list different files that must be
deleted, but, likewise, some of them aren't on the system. I think the
latest incarnation of Look2Me randomly installs files to make itself work,
and they won't always be the same.

Regards,
SgtGeorge


--
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.230 / Virus Database: 262.8.0 - Release Date: 4/9/04


This thread: